<?php

namespace App\Http\Middleware;

use Closure;
use App\Role;
use DB;
use Route;

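class Rule
{
    /**
     * Enforce the per-role action list for the current route.
     *
     * The role id is read from the session, the role's comma-separated
     * privilege ids are resolved to controller method names through the
     * `privileges` table, and the request is rejected with HTTP 403 unless
     * the current controller method is in that list. Every lookup fails
     * closed: a missing role or an unresolved privilege id never grants access.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // NOTE(review): the presence of a `_token` POST field is chosen by the
        // client and is not validated here, so every request carrying one skips
        // the role check below. The behaviour is kept because enforcing the
        // check on form posts could deny actions that have no row in
        // `privileges`. Confirm that CSRF verification and a separate
        // authorization step cover these requests, or enforce the check for
        // all requests.
        if (isset($_POST['_token'])) {
            return $next($request);
        }

        // Role of the current administrator, as stored in the session.
        $role = Role::find(session('role'));
        if ($role === null) {
            // No session role, or the role row no longer exists: deny instead
            // of dereferencing null.
            abort(403, '没有权限');
        }

        // Cast so a route without a controller action yields an empty string.
        $action = (string) Route::currentRouteAction();

        // Image controller actions are open to every role.
        // NOTE(review): this is a substring match, so any controller whose
        // class name contains "ImgController" is exempt as well.
        if (strpos($action, 'ImgController') !== false) {
            return $next($request);
        }

        // Keep only the method name after "@".
        $tail = strstr($action, '@');
        $method = $tail === false ? '' : ltrim($tail, '@');

        // Whitelist: methods every role may call.
        $open = ['orderinfo', 'orderlist', 'weifu', 'yishou', 'yifa', 'end', 'glist', 'goodsdel'];
        if (in_array($method, $open, true)) {
            return $next($request);
        }

        // Strict comparison: a loose in_array() treats an empty method name as
        // equal to a null entry, which would let the request through.
        if (!in_array($method, $this->grantedActions($role), true)) {
            abort(403, '没有权限');
        }

        return $next($request);
    }

    /**
     * Resolve the role's comma-separated privilege ids to action names.
     *
     * Ids without a matching row and rows with an empty action are dropped,
     * so they can never match a route. The role model itself is not modified.
     *
     * @param  \App\Role  $role
     * @return string[]
     */
    private function grantedActions($role)
    {
        // Split the id list and discard empty fragments.
        $ids = array_values(array_filter(explode(',', (string) $role->pid), 'strlen'));
        if (empty($ids)) {
            return [];
        }

        // One query for all ids instead of one query per id.
        $rows = DB::table('privileges')->select('action')->whereIn('pid', $ids)->get();

        $actions = [];
        foreach ($rows as $row) {
            $name = (string) $row->action;
            if ($name !== '') {
                $actions[] = $name;
            }
        }

        return $actions;
    }
}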
